1. Create an S3 Bucket to import the OVA Image.
2. Upload the OVA Image via the browser. (Pro Tip: If the OVA has a long and complicated name, rename it. Your going to be using the command line.)
3. Install the AWS CLI and Python onto your Laptop
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html
4. Verify via CMS that python --version and pip --version is working and you get a response.
Example:
C:\Users\ubuntu.power>pip --version
pip 19.0.1 from c:\users\ubuntu.power\appdata\local\programs\python\python37-32\lib\site-packages\pip (python 3.7)
C:\Users\ubuntu.power>python --version
Python 3.7.2
FYI. You can also use PowerShell
https://docs.aws.amazon.com/powershell/latest/userguide/pstools-getting-set-up-windows.html
5. You will need your AWS Secret ID and Key from IAM. Generate a new one if you forgot it or haven't use it or just plain don't know it.
https://blog.migrationking.com/2019/03/how-to-quickly-setup-aws-cli-on-windows.html
Note: Make sure you can run an aws command like the following with output:
aws s3 ls
6. AWS Import/Export Guide:
https://docs.aws.amazon.com/vm-import/latest/userguide/vm-import-ug.pdf
7. Convert from an OVA File:
http://www.daniloaz.com/en/how-to-create-a-sentilo-aws-ec2-instance-from-an-ova-file/
8. In order to import the OVA file, you have to save it to a location on your local machine where you can point to the path from PowerShell (If you're on Linux, the location from your shell). Note: If your on Windows, use the C:\ Drive Path.
Professional Note: Use Notepad++ on Windows to create the file
https://notepad-plus-plus.org/
9. trust-policy.json file
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"",
"Effect":"Allow",
"Principal":{
"Service":"vmie.amazonaws.com"
},
"Action":"sts:AssumeRole",
"Condition":{
"StringEquals":{
"sts:ExternalId":"vmimport"
}
}
}
]
}
10. role-policy.json file
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource":[
"arn:aws:s3:::disk-image-file-bucket",
"arn:aws:s3:::disk-image-file-bucket/*"
]
},
{
"Effect":"Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource":"*"
}
]
}
11. You import the policies from your machine using a local path. Drive Shares (e.g. Google Drive, etc seem to complain).
PS C:\Users\username> aws iam create-role --role-name vmimport --assume-role-policy-document file://C:\Users\username\Documents\AWS\s3\trust-policy.json
PS C:\Users\usernamet> aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://C:\Users\username\Documents\AWS\s3\role-policy.json
Page 14-15 of https://docs.aws.amazon.com/vm-import/latest/userguide/vm-import-ug.pdf
12. Create "containers.json" file.
[
{
"Description": "Bubba Lovey",
"Format": "ova",
"UserBucket": {
"S3Bucket": "bubba-lab-lovey",
"S3Key": "anykindofvm.ova"
}
}]
13. aws ec2 import-image --description "FireEye CMS" --license-type BYOL --disk-containers file://C:\Users\username\Documents\AWS\s3\containers.json
NOTE: This is a Linux Image
You can check the status of the running job by using the "ImportTaskID" that was provided when you kicked off the job:
This blog saved the day. Credit has to go to Daniel Lopez Azana!
http://www.daniloaz.com/en/how-to-create-a-sentilo-aws-ec2-instance-from-an-ova-file/
https://rzn.id.au/tech/converting-an-ova-to-an-amazon-ami/ (Helpful)
2. Upload the OVA Image via the browser. (Pro Tip: If the OVA has a long and complicated name, rename it. Your going to be using the command line.)
3. Install the AWS CLI and Python onto your Laptop
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html
4. Verify via CMS that python --version and pip --version is working and you get a response.
Example:
C:\Users\ubuntu.power>pip --version
pip 19.0.1 from c:\users\ubuntu.power\appdata\local\programs\python\python37-32\lib\site-packages\pip (python 3.7)
C:\Users\ubuntu.power>python --version
Python 3.7.2
FYI. You can also use PowerShell
https://docs.aws.amazon.com/powershell/latest/userguide/pstools-getting-set-up-windows.html
5. You will need your AWS Secret ID and Key from IAM. Generate a new one if you forgot it or haven't use it or just plain don't know it.
https://blog.migrationking.com/2019/03/how-to-quickly-setup-aws-cli-on-windows.html
Note: Make sure you can run an aws command like the following with output:
aws s3 ls
6. AWS Import/Export Guide:
https://docs.aws.amazon.com/vm-import/latest/userguide/vm-import-ug.pdf
7. Convert from an OVA File:
http://www.daniloaz.com/en/how-to-create-a-sentilo-aws-ec2-instance-from-an-ova-file/
8. In order to import the OVA file, you have to save it to a location on your local machine where you can point to the path from PowerShell (If you're on Linux, the location from your shell). Note: If your on Windows, use the C:\ Drive Path.
Professional Note: Use Notepad++ on Windows to create the file
https://notepad-plus-plus.org/
9. trust-policy.json file
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"",
"Effect":"Allow",
"Principal":{
"Service":"vmie.amazonaws.com"
},
"Action":"sts:AssumeRole",
"Condition":{
"StringEquals":{
"sts:ExternalId":"vmimport"
}
}
}
]
}
10. role-policy.json file
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource":[
"arn:aws:s3:::disk-image-file-bucket",
"arn:aws:s3:::disk-image-file-bucket/*"
]
},
{
"Effect":"Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource":"*"
}
]
}
11. You import the policies from your machine using a local path. Drive Shares (e.g. Google Drive, etc seem to complain).
PS C:\Users\username> aws iam create-role --role-name vmimport --assume-role-policy-document file://C:\Users\username\Documents\AWS\s3\trust-policy.json
PS C:\Users\usernamet> aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://C:\Users\username\Documents\AWS\s3\role-policy.json
Page 14-15 of https://docs.aws.amazon.com/vm-import/latest/userguide/vm-import-ug.pdf
12. Create "containers.json" file.
[
{
"Description": "Bubba Lovey",
"Format": "ova",
"UserBucket": {
"S3Bucket": "bubba-lab-lovey",
"S3Key": "anykindofvm.ova"
}
}]
13. aws ec2 import-image --description "FireEye CMS" --license-type BYOL --disk-containers file://C:\Users\username\Documents\AWS\s3\containers.json
NOTE: This is a Linux Image
You can check the status of the running job by using the "ImportTaskID" that was provided when you kicked off the job:
This blog saved the day. Credit has to go to Daniel Lopez Azana!
http://www.daniloaz.com/en/how-to-create-a-sentilo-aws-ec2-instance-from-an-ova-file/
https://rzn.id.au/tech/converting-an-ova-to-an-amazon-ami/ (Helpful)